store card serial number in 'rrn' user attribute if defined (#7375)

2015-05-27 16:45:03 +02:00 · 2015-05-27 16:45:03 +02:00 · 330e8fdad0
parent 3c2011304f
commit 330e8fdad0
2 changed files with 22 additions and 4 deletions
--- a/src/authentic2_beid/util.py
+++ b/src/authentic2_beid/util.py
@ -1,3 +1,5 @@
+from authentic2.models import Attribute
+
 from authentic2.auth2_auth.auth2_ssl.util import SSLInfo as BaseSSLInfo
 from authentic2.auth2_auth.auth2_ssl.util import explode_dn

@ -14,7 +16,21 @@ def get_x509_url(request):
    return 'https://%s:%s' % (request.get_host().split(':')[0],
                    app_settings.AUTH_PORT)

-def get_user_names(ssl_info):
+def get_dn(ssl_info):
    dn = ssl_info.get('subject_dn')
-    data = dict(explode_dn(dn))
-    return data['GN'].split(' ', 1)
+    return dict(explode_dn(dn))
+
+def get_user_names(ssl_info):
+    dn = get_dn(ssl_info)
+    return dn['GN'].split(' ', 1)
+
+def get_rrn(ssl_info):
+    dn = get_dn(ssl_info)
+    return dn['serialNumber']
+
+def set_rrn(user, ssl_info):
+    try:
+        rrn = Attribute.objects.get(name='rrn')
+        rrn.set_value(user, get_rrn(ssl_info))
+    except Attribute.DoesNotExist:
+        pass
--- a/src/authentic2_beid/views.py
+++ b/src/authentic2_beid/views.py
@ -14,7 +14,7 @@ from authentic2.utils import continue_to_next_url, redirect, redirect_to_login
 from authentic2.registration_backend.views import valid_token, RegistrationCompletionView

 from .backends import BeIDBackend
-from .util import SSLInfo, get_x509_url, get_user_names
+from .util import SSLInfo, get_x509_url, get_user_names, set_rrn

 logger = logging.getLogger(__name__)

@ -40,6 +40,7 @@ def add_beid(request):
    if request.user.is_authenticated:
        ssl_info  = SSLInfo(request)
        if BeIDBackend().link_user(ssl_info, request.user):
+            set_rrn(request.user, ssl_info)
            logger.info('Successful linking of the SSL '
               'certificate to an account')
            messages.info(request, _('BeID card successfully linked to your account'))
@ -97,6 +98,7 @@ class BeIDRegistrationCompletionView(RegistrationCompletionView):
    def form_valid(self, form):
        ret = super(BeIDRegistrationCompletionView, self).form_valid(form)
        if self.request.session.get('ssl_info'):
+            set_rrn(user, self.request.session['ssl_info'])
            cert = models.ClientCertificate(user=self.object)
            cert.__dict__.update(self.request.session['ssl_info'])
            cert.save()